notorious ways of exploitation search engine - ijsrd · notorious ways of exploitation search...
TRANSCRIPT
IJSRD || National Conference on Advances in Computer Science Engineering & Technology || May 2017 || ISSN: 2321-0613
©IJSRD 2017 Published by IJSRD 112
Notorious Ways of Exploitation Search Engine
Sohesh Doshi1 Meet Gadhiya
2 Sanket B Suthar
3
1,2,3Department of Information Technology
1,2,3Charusat University, Changa, 388421, India
Abstract— As time goes the use of internet & technology increases and become the part of the human in routine life. All
people continuously use to share their information either it's private or public via various source on the internet. This
information directly and indirectly interact with Google database searching the keyword on Google search engine give precise
information but in vary large scale ,but use of Google dorks help us to narrow this scale and retrieve specific result. This
research paper's objective is mainly focus on how hackers use Google dorks to steal information on the database.
Key words: Google Search Engine, Exploitation Search Engine
I. INTRODUCTION
In Our Daily Lives, we are connected to the internet. 32 billion people are online on the internet. In 1995 it was less than 1%
people who used the internet. In 2016 there was more than 3 billion user. As per the current situation we do analysis of
internet users by regions worldwide since year 2000 to January 2017.
Year Internet User Non-Internet User World Population %
2000 414,794,957 5,711,827,164 6,126,622,121 6.8
2005 1,030,101,289 5,489,534,561 6,519,635,850 15.8
2010 2,023,202,974 4,906,522,069 6,929,725,043 29.2
2015 3,185,996,155 4,163,475,944 7,349,472,099 43.4
2017* 3,575,870,700 3,911,038,788 7,486,909,488 47.76
Table 1: Internet users
Fig. 1: Internet Users in World by Regions January 2017
Major Actives Performed by people on the internet are sent & Read Email, a search engine to find information,
search for map driving direction, Look for info on a hobby or interest etc. 85% People are Used Search engine 6,586,013,574
searches a day worldwide Google can process 40,000 query per a second, 3.5 billion per a day and 1.2 trillion searches per a
year [6].
Fig. 2: Activities on Internet by 26 February 2017
Steve Mansfield-Devine says that instead of using penetration testing software like NMAP, Nessus etc. use Google
and your first stop should be something much more basic: Google [5].
Notorious Ways of Exploitation Search Engine
(IJSRD/Conf/NCACSET/2017/025)
113
II. REVIEW OF LITERATURE
A. Google Basic
When you search in a Google search engine it gives appropriate search compare to others Search engine.
Google used some special kind of algorithm while other search engine doesn’t. Google used some auto med program
called "spider" or "crawl". Google also used some trademarked algorithm called "Page Rank" which assigns each Web page a
relevancy score [4].
This Algorithm depends on a few factors:-
Frequency and location of the keywords within a web page: If some of the keywords have a low frequency on a web page
then it assigns law rank to the web page.
How Long Webpage has Existed: People created web page daily goggle assign that web page how they important.
The number of other Web pages that link to the page in question: Google shows that how many other web pages link to
that site.
The third rule are easy than others let's consider example we search keyword “Techno" in Google. Google show that
pages on top whose rank is important or more than others. Because Google looks link to the web pages as a vote. The
Information we search on internet first content discovered then indexing and analysed than content and store in a huge
database when some query fetch gives a response or show relevant pages.
III. PROPOSED WORK
A. What Is Google Dorks?
Google Dorks is that kind of a person who gives secure, sensitive, and particular information from all the internet sources. We
can use Google Dorks for faster, better, and powerful search. If your website has some vulnerability than Google provides all
information to the hacker using this dork. The concept of Google dorks create by Johnny long 2002 and uncovered the
vulnerable system and disclosed sensitive information. Google hacking techniques were the focus of a book released by
Johnny Long in 2005, called Google Hacking for Penetration Testers, Volume 1 Don't Underestimate power of Google dorks
most powerful search in world.
B. Types of Vulnerability Google Dorks Can Revel
Footholds
Web server detection
Files contains username
Sensitive directory
Vulnerable files
Files contain password
Vulnerable server
Sensitive online shopping info
Error message
Juicy files
Login portal
Various online device
Network files or more
C. List of dorks with example
In this section we are going to test total 7 dorks and do analysis the results retrieved from Google search engine among
thousands of dorks. Here by using “intitle” we retrieves the “page title”, by using “filetype” we retrieves the particular file
from the website, by using “cache” we retrieves particular cache of the website, by using “intext” we retrieves “website text”,
by using “link” we retrieves links of particular website that are connected with other website, by using “phonebook” we
retrieves the phone number of particular person, by using “related” we retrieves the website which are related with each other
[2], by using “site” we can able to search for particular site or domain
1) In title Dork
Fig. 3: Searching database password files with the help of “intitle dork”
Notorious Ways of Exploitation Search Engine
(IJSRD/Conf/NCACSET/2017/025)
114
2) File type Dork
Fig. 4: Searching file formats using “filetype dork”
3) Cache Dork
Cache: www.timesofindia.com
This keyword gives us particular cache of the website for specific date and time. If we want to read the content of particular
website before the current time, it can be possible by entering “cache” keyword.
4) In text Dork
Fig. 5: Searching admin login page using “intext dork” [1]
5) Link Dork
Fig. 6: Searching all the links for particular website using "link dork"
Notorious Ways of Exploitation Search Engine
(IJSRD/Conf/NCACSET/2017/025)
115
6) Phonebook Dork
Fig. 7: Searching phone number of particular person using "phonebook dork"
7) Related Dork
Fig. 8: Related website list which contain news keyword
8) Site Dork
Fig. 9: List of all site which are include with "charusat.ac.in" using "site dork”
D. Real Time Implementation
As we have seen individual dork examples in previous section for retrieving documents, images, personal files, phone
numbers, website admin related links etc., now we can combine these dorks and create some queries and we get talismanic
results.
Here below we executed some queries by applying some combinations of dorks:
1) Multimedia File Query
multimedia name -inurl:(htm|html|php|pls|txt) intitle:index.of \"last modified\" (mp4|wma|aac|avi)"
Notorious Ways of Exploitation Search Engine
(IJSRD/Conf/NCACSET/2017/025)
116
In this query the multimedia name can be like movie name, music artist name etc. This query “inurl dork” searches html, htm,
php, pls, text content and “intitle dork” searches for index for particular website that contains mp4, wma, aac, avi files. User
can also modify as per their requirements.
Fig. 10: Multimedia file query
2) Find Book Using This Query
allinurl: +(rar|chm|zip|pdf|tgz) Book name
By using this query we can find books from parent directory of particular website. In above query “allinurl dork” can search
in parent directory that modified last time which gives us file in rar, chm, zip, pdf and tgz format. By modifying this query
user can get file in any format.
Fig. 11: Find Book using This Query
E. List of dorks that can be mixed or not with other operator
Fig. 12: Dorks that mixed with other operators [7]
IV. CONCLUSION
We have already outlined some of the dorks and the combination of the dorks which are used to download secret or private
documents from the index of the website and by using this we get talismanic results. Google dorks have their own pros and
cons, end user able to hack a website and web developer cannot protect their information. The hackers can able to get
database related information which is very serious issue.
REFERENCES
[1] Priyanka VK. “Detection of SQL Injection Attack and Various Prevention Strategies”. International Journal of
Engineering and Advanced Technology (IJEAT) vol. 2013, pp. 457-60.
[2] Wilhoit, Kyle. "Who’s Really Attacking Your ICS Equipment?." Trend Micro (2013).
[3] Lancor, Lisa, and Robert Workman. "Using Google hacking to enhance defence strategies." In ACM SIGCSE Bulletin,
vol. 39, no. 1, pp. 491-495. ACM, 2007.
[4] Invernizzi, Luca, and Paolo Milani Comparetti. "Evilseed: A guided approach to finding malicious web pages." In
Security and Privacy (SP), 2012 IEEE Symposium on, pp. 428-442. IEEE, 2012.
[5] Mansfield-Devine, Steve. "Google hacking 101." Network Security 2009, no. 3 (2009): 4-6.
[6] Zhang, Jialong, Jayant Notani, and Guofei Gu. "Characterizing Google hacking: a first large-scale quantitative study." In
International Conference on Security and Privacy in Communication Systems, pp. 602-622. Springer International
Publishing, 2014.
[7] Vaibhav Sharma, Dr. Yashpal Singh International Journal of Enhanced Research in Management & Computer
Applications, Vol. 5 Issue 6, June-2016.